Juniper Mist Access Assurance
The Juniper Mist Access Assurance service provides secure wired and wireless network access control based on user and device identities. The service enforces zero-trust network access policies for guest, IoT, BYOD, and corporate devices. Cloud-hosted, microservices-based authentication eases IT operations by delivering a full suite of access controls within a flexible yet simple authorization policy framework.
Access Assurance extends Juniper Mist IoT Assurance, which simplifies the onboarding of headless IoT and BYOD devices, to wired and wireless business devices using 802.1X authentication or MAC Authentication Bypass (MAB) methods for non-802.1X clients.
- Client-first experience
- Granular identity fingerprinting
- Network policy enforcement
- High availability and geo-affinity
- Single-pane-of-glass management
- Automatic software updates
- API-driven architecture
Features + Benefits
Access Assurance provides a holistic, unified view of the client connectivity experience and can easily identify a problem and perform root-cause analysis. All client events, including connection and authentication successes and failures, are captured by the Juniper Mist cloud, simplifying day-to-day operations and quickly identifying end-user connectivity issues.
Granular Identity Fingerprinting
Access Assurance provides identity fingerprinting based on X.509 certificate attributes. It also uses intrusion detection and prevention information, such as group membership, user account state, mobile device management (MDM) compliance state, client lists, and user location, for more granular fingerprinting.
Network Policy Enforcement
Based on user and device identity, Access Assurance can instruct the network to assign users specific roles and group them into network segments using VLAN or Group-Based Policy (GBP) technology. The service can then enforce network policies associated with each segment.
High Availability and Geo-Affinity
With Access Assurance, organizations gain reliable, low-latency network access control whether they need to cover a single location or a multisite deployment. Juniper has deployed cloud instances of Access Assurance in multiple regional locations to direct authentication traffic to the nearest instance for optimal response times.
Leveraging the Juniper Mist cloud-native, full-stack network management platform, Access Assurance removes the infrastructure requirements of other network access vendors’ solutions and enables consistent client experiences regardless of location.
Automatic Software Updates
The Juniper Mist microservices-based cloud architecture keeps Access Assurance optimized with the most advanced technologies. New features, security patches, and updates are automatically added to Access Assurance on a bi-weekly basis without interruptions or service downtime.
External Directory Services Support
Access Assurance provides authentication services by integrating external directory services, such as Google Workspace, Microsoft Azure Active Directory, Okta Workforce Identity, and others. It also integrates external Public Key Infrastructure (PKI) and MDM platforms.
100% Programmable APIs
The Juniper Mist platform is fully programmable using open APIs for easy integration with external security information and event management (SIEM), IT service management, and other platforms for both configuration and policy assignment.
Training and Community
Find Juniper Mist Access Assurance in these solutions
With the right solutions, IoT unlocks efficiencies to provide a positive customer experience, which drives stickiness into brand and product loyalty, ultimately resulting in increased revenue.
Juniper Networks can unlock the full potential of your network, and managing IoT at any scale with seamless connectivity and security that work across any network, any cloud and anywhere.
AI-driven automation and insight, coupled with the agility and reliability of a microservices cloud, deliver optimized wireless access experiences and simplified network operations.
The wired portfolio, coupled with wireless, combines performance and simplicity at scale, while delivering optimized experiences to users and devices with AI-driven insights and automation.
AIOps Driven by Mist AI
Juniper transforms IT operations with Mist AI and a virtual network assistant for self-driving capabilities and AI-driven support. Mist AI optimizes user experiences from client to cloud and simplifies IT operations across the WLAN, LAN, and WAN.
Juniper Mist Access Assurance FAQs
Who should deploy Juniper Mist Access Assurance?
The Juniper Mist Access Assurance cloud service is essential for organizations of all types and sizes that want to protect their network and data from unauthorized access. Any business or institution with a network of multiple users and devices, such as employees, guests, contractors, and IoT devices, can benefit by using Access Assurance to help improve its security posture.
What are the primary functions of Access Assurance?
The cloud-native service controls who can access your network using a zero-trust approach, enforces security policies, and helps guard against malware and other security threats. You can also use it to ensure compliance with regulatory requirements and improve overall network visibility and control.
What unique advantages does Juniper Mist Access Assurance provide?
Access Assurance offers numerous features that help enterprises tighten network and data security:
- Secure network access control for guest, IoT, BYOD, and corporate devices based on user and device identities. These capabilities are delivered using 802.1X authentication or, for non-802.1X devices, the MAC Authentication Bypass (MAB) protocol.
- A microservices-based cloud architecture for maximum agility, scalability, and performance. Regional service instances minimize latency for enhanced user experiences.
- 100% programmability. The service supports open APIs for full automation and seamless integration with external SIEM and ITSM systems for both configuration and policy assignment.
- Visibility into end-to-end user connectivity and experience levels across the network stack.
- Optimized Day 0/1/2 operations through a unified IT management experience across the full network stack, including wired and wireless LAN access.
How are Juniper Mist Access Assurance and Juniper Mist IoT Assurance related?
Access Assurance builds on IoT Assurance to deliver unified controls for the 802.1X authentication-based onboarding and management of corporate devices and the MAC-less onboarding of non-802.1X IoT and BYOD devices.
What network devices and connections does Juniper Mist Access Assurance support?
Access Assurance works with a diverse range of both wired and wireless LAN-connected devices and enables administrators to bring them into compliance. Among them:
- Traditionally managed devices, such as corporate-owned laptops, tablets, and smartphones
- Unattended IoT and other M2M devices
- Manageable but traditionally unmanaged devices, such as user-owned computers and phones (BYOD)
- Shadow IT devices
- Guest devices
How does Juniper Mist Access Assurance differ from traditional network access control (NAC)?
Network access control (NAC) is a decades-old security technology for network device onboarding and policy management. However, traditional NAC suffers from architectural challenges. For example, the explosion of different unattended device types, complexities of disaggregated networks, and on-premises NAC implementations expose ever-increasing risks and vulnerabilities.
The Access Assurance cloud-native solution solves these problems by verifying the following information before allowing a device to connect:
- Who is trying to connect, determined using identity fingerprinting and user context
- Where the connection is originating, such as a specific site or VLAN
- What permissions and other access policies are associated with the user and the device attempting to connect
- How the user/device is attempting to establish access; what type of network connection they are using
What is 802.1X authentication?
802.1X is an Ethernet LAN authentication protocol used to provide secure access to a computer network. It’s a standard defined by the Institute of Electrical and Electronics Engineers (IEEE) for port-based network access control. As such, its main purpose is to verify that a device attempting to connect to the network is actually what it claims to be. 802.1X is commonly used in enterprise networks to protect against unauthorized access, enforce security policies, and make sure that data transmitted over the network is secure.
What is MAC Authentication Bypass (MAB)?
MAB is a network access control protocol that bases a grant or deny decision exclusively on the endpoint’s media access control (MAC) address. It’s often used within the context of a larger, standard 802.1X authentication framework for the subset of devices that don’t support 802.1X client, or supplicant, software, such as M2M/IoT and BYOD devices.